App Control: Yara Rules Out of Date

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions

Symptoms

Endpoints are showing as "Yara out of date" in the Console.

Cause

Communication between the endpoint and the application server is blocked, or the Yara.bt9 file is corrupted or otherwise cannot be properly obtained and imported by the endpoint.

Resolution

  1. Verify that the Resource Download Location is valid and contains the correct Yara.bt9 file.
  2. Confirm that the endpoint is showing as Connected and is not pending an Agent Upgrade; if it is, remove the Upgrade Request.
  3. If the issue persists, collect a set of High Debug Logs and open the Trace.bt9 file they contain in a text editor.
  4. Search for WinHttpSendRequest:
  5. If the Trace.bt9 capture reveals: "YaraRuleDownloadRequest::ValidateFile: Validation failed" or is otherwise inconclusive, rebuild the Yara.bt9 file.
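
Steps 4 and 5 can be scripted when the trace is too large to read by eye. The following is an added example, not vendor code: it pulls the `WinHttpSendRequest` and `ValidateFile` lines out of a trace and names the next step. The function names, the encoding handling and the sample lines are assumptions constructed for illustration.

```python
import sys

# Search strings taken from steps 4 and 5 of the article.
SEND_MARKER = "WinHttpSendRequest"
VALIDATION_FAILED = "YaraRuleDownloadRequest::ValidateFile: Validation failed"

# Constructed sample; real Trace.bt9 lines carry more fields than shown here.
SAMPLE = (
    "constructed: agent starting rule refresh\n"
    "constructed: WinHttpSendRequest: request for Yara.bt9\n"
    "constructed: YaraRuleDownloadRequest::ValidateFile: Validation failed\n"
)

def decode_trace(raw):
    # Assumption: UTF-16 when a BOM is present, otherwise UTF-8.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def triage_trace(raw):
    """Collect the lines steps 4 and 5 look for and name the next step."""
    sends, failures = [], []
    for number, line in enumerate(decode_trace(raw).splitlines(), 1):
        if SEND_MARKER in line:
            sends.append((number, line.strip()))
        if VALIDATION_FAILED in line:
            failures.append((number, line.strip()))
    if failures:
        next_step = "rebuild Yara.bt9: validation failed"
    elif sends:
        next_step = "review the WinHttpSendRequest lines"
    else:
        next_step = "rebuild Yara.bt9: trace inconclusive"
    return {"sends": sends, "failures": failures, "next_step": next_step}

if __name__ == "__main__":
    # Pass the path to an extracted Trace.bt9, or run with no argument for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE.encode()
    result = triage_trace(data)
    for number, line in result["sends"] + result["failures"]:
        print(f"{number}: {line}")
    print(result["next_step"])
```
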

Additional Notes

If the issue persists after rebuilding the Yara.bt9 file, open a case with Support and provide the Agent Logs captured in Step 3, as well as the Historical Server Logs.

Article Information
Creation Date: 03-29-2018